November 2008 -

Archive for November, 2008

Federal Agency SSN Use Mandate Has Been Removed!

Sunday, November 30th, 2008

On November 18 President Bush signed Executive Order 13478; see how/if it impacts your organization and how you use social security numbers (SSNs), and how it will impact how you require SSNs. And now you personall should NOT need to provide SSNs as often…

(more…)

Tags:awareness and training, Executive Order 13478, Information Security, IT compliance, IT training, policies and procedures, privacy training, risk management, security training, social security numbers, SSN
Posted in government, Laws & Regulations | No Comments »

A New Risk Management Standard Worth Looking At

Saturday, November 29th, 2008

The bulk of data protection laws and regulations require that security and privacy controls be established based upon the organization’s existing and unique risks. Many organizations struggle to find a way to effectivevly determine the risks that exist for their businesses. Often what results is similar to taking a shot in the dark to determine risks.

(more…)

Tags:awareness and training, Information Security, ISO/IEC 27005:2008, IT compliance, IT training, policies and procedures, privacy training, risk management, security training
Posted in Information Security | No Comments »

Are Cybercriminals Willing To Risk Death?

Friday, November 28th, 2008

Whoa…here’s what should be a good cybercrime deterrent…

(more…)

Tags:awareness and training, cybercrime, Information Security, IT compliance, IT training, Pakistan, policies and procedures, privacy training, risk management, security training
Posted in Laws & Regulations | No Comments »

Healthy Paranoia: A Nice Note That Brightened My Day!

Wednesday, November 26th, 2008

Recently I was pleasantly surprised to receive the following message…

(more…)

Tags:awareness and training, Information Security, IT compliance, IT training, policies and procedures, privacy training, risk management, security training
Posted in Information Security, Miscellaneous | No Comments »

Healthy Paranoia: A Nice Note That Brightened My Day!

Wednesday, November 26th, 2008

Recently I was pleasantly surprised to receive the following message…

(more…)

Tags:awareness and training, Information Security, IT compliance, IT training, Kelly Sonora, policies and procedures, privacy training, risk management, security training, Top 50 Security Blogs
Posted in Information Security, Miscellaneous | No Comments »

Continued Use Of Site Means Consent to Privacy Policy Changes?

Tuesday, November 25th, 2008

I speak with many folks about the importance of published website privacy policies, along with the issues of obtaining consent…not implied but explicit/express…to change the terms of privacy policies.
I also participate in LinkedIn, and I have found it to be a great and valuable tool to network and communicate with other information security and privacy practicitioners.
So, today when I logged in I was quite interested to see the following banner posted on the home page…

(more…)

Tags:awareness and training, express consent, FTC, implied consent, Information Security, IT compliance, IT training, LinkedIn, policies and procedures, privacy policy change, privacy training, risk management, security training
Posted in Privacy and Compliance | 2 Comments »

Cloud Computing & Privacy

Monday, November 24th, 2008

While doing some research on cloud computing and considering the privacy and information security implications, I ran across a recent (11/18/2008) report from the Constitution Project, “Liberty and Security: Recommendations for the Next Administration and Congress“.
The following is an excerpt from page 184…

(more…)

Tags:awareness and training, Constitution Project, Information Security, IT compliance, IT training, policies and procedures, privacy training, risk management, security training
Posted in government, Privacy and Compliance | No Comments »

Cloud Computing & Privacy

Monday, November 24th, 2008

(more…)

Cloud Computing & Privacy

Monday, November 24th, 2008

(more…)

Tags:awareness and training, cloud computing, Constitution Project, Information Security, IT compliance, IT training, policies and procedures, privacy training, risk management, security training
Posted in government, Privacy and Compliance | 1 Comment »

Vishing Very Vicious

Sunday, November 23rd, 2008

Ah, the fun and joys of texting, and everything else that accompanies cell phones and smart phones!
The dirty dogs who created phishing saw great opportunity to move their electronic social engineering scam to the phone to try and dupe anyone who falls for their seductive lures of saving large sums of money, winning huge pots of money, or otherwise seeing or participating in salacious activities and fun. Vishing criminals also try tactics of scaring you into giving them your personally identifiable information (PII) by threatening you with lawsuits, or worse.

(more…)

Tags:awareness and training, Information Security, IT compliance, IT training, policies and procedures, privacy training, risk management, scott wright, security training, Streetwise Security Coach
Posted in Information Security | No Comments »

Archive for November, 2008

A New Risk Management Standard Worth Looking At

Are Cybercriminals Willing To Risk Death?

Healthy Paranoia: A Nice Note That Brightened My Day!

Healthy Paranoia: A Nice Note That Brightened My Day!

Cloud Computing & Privacy

Cloud Computing & Privacy

Vishing Very Vicious

Search Privacyguidance

Categories

Archives

Blogroll

Meta

Syndicate